sb-nz logo
Story image

Interview: HID Global talks trusted identities, privacy & why we need to be ready for smart buildings

16 Aug 2017

HID Global is a major player in the identity management space and more committed to trusted identities than ever before.

At the Security Exhibition & Conference last month, Serra Luck, HID Global's VP End User and Consultant Business - Physical Access Control Solutions, discussed asset tracking, security and why identity access management is key to building a successful organisation.

The company has just released a product that tracks assets as they move to and from a space. Whether people, physical objects or other items, it’s all about optimising resource use.

Late last year HID Global acquired Bluvision, a Bluetooth-based real time location services provider.

From that came HID Location Services, which has now launched in the APAC market. It helps to improve workplace optimisation for the enterprise market; condition monitoring for engines; asset tracking in the IoT space that is protected by encryption.

Essentially asset tracking means that every device trusts each other within a building – useful when some devices could potentially be hazardous, the company explains.

Luck explains that with trusted identities, HID provides credentials to millions of users. These protect places, things and people.

“An identity can be provided to anyone but it’s extremely important that the identity is trusted so you don’t need to introduce it to multiple systems again and again. It is authenticated, authorised and trusted by different systems, so it can be re-utilised.”

She says that physical access control is still in a traditional place, but that will soon change.

“We see a lot of changes happening in IT. With smart buildings and smart cities coming in, and other changes happening in the marketplace, we see the change is coming to physical access control security. The evolution is there.”

Since 2014, the company saw those changes coming, and has spent the last three years working with mobile access technologies. She says this is one of the reasons the company acquired Bluvision.

“A traditional card reader company would be issuing and personalising a card, managing it with different services and sending it to the user. Now with mobile access, a smartphone can do exactly the same thing as a card, and more. For smart buildings, it can open a door. It can help to access vending machines.”

“We also see that with trusted identities and connectivity, we’ve been asked about convergence. People ask, ‘Hey, I’m in IT, I’m using my identity as Serra and now I need to have another identity to access the building. Why do I need to have two?’”

“The challenge is how to put these things together. With smart building and building management systems coming in, trusted identities would be able to serve IT services, physical access security services. This is why we suggest that organisations consider combining technology such as SEOS," she explains.

With such mobile access and physical access control logs being generated all the time, we asked how this data is managed securely.

“Privacy is extremely important. We see different laws and regulations around the world. There’s no single model but people, governments and organisations care about privacy. In a service environment such as location-based services, it’s more important to focus on the service without necessarily attaching it to the ‘who’. How do I do it and what type of benefits does it bring. For example, do I have everyone that needs to be outside actually outside in case of fire.”

“It’s not about tracking or monitoring people, it’s about keeping the bad people out and preventing insider attacks with the right risk management. We can make data anonymous – we don’t even need to know who is accessing the system as long as you as an enterprise decide that. It’s important for financial and government customers that we secure those environments," Luck says.

While there is still a spot for physical access control, Luck is adamant that organisations can’t ignore the virtual world.

“The younger generations will be pulling it, especially the people who move a lot in larger organisation. There’s the convenience of it. As a security officer issuing multiple cards, virtual identities are more convenient and sustainable.”

“It’s up to the enterprise what risks they want to take and how they want to manage that risk,” Luck concludes.

Story image
The rising threat of human-controlled ransomware
Until recently, most ransomware attacks have been automated affairs. But things are changing, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
How cyber-attackers use Microsoft 365 tools to steal data
Vectra security research has recently identified how cyber-attackers use Microsoft Office 365 tools against organisations to steal data and take over accounts.More
Story image
Palo Alto Networks launches new SD-WAN solutions and enhancements
Palo Alto Networks has introduced two new SD-WAN appliances and enhancements to its next-generation SD-WAN solution, expanding the company’s CloudGenix SD-WAN solutions reach.More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More
Story image
IBM Security completes industry first with updates to Cloud Pak for Security solution
"With these updates, we will be the first in the industry to bring together external threat intelligence and threat management alongside data security and identity."More
Story image
Why IT and HR must work together to help businesses weather the storm
Employers are striving to balance team productivity, security and employee engagement. If remote work is the new norm, it’s impossible to ignore the challenging nature of the situation, writes Gigamon manager for A/NZ George Tsoukas.More